Security Sprint M7.1: Complete P1 Security Fixes (#284-#287) #320

Merged

jason.woltje merged 4 commits from fix/284-287-p1-security-fixes into develop 2026-02-04 03:54:02 +00:00

Conversation 0 Commits 4 Files Changed 80 +2551 -35

4 Commits

Author	SHA1	Message	Date
Jason Woltje	e151d09531	feat(#287): Add redaction utility for sensitive data in logs ... Security improvements: - Create redaction utility to prevent PII leakage in logs - Redact sensitive fields: privateKey, tokens, passwords, metadata, payloads - Redact user IDs: convert to "user-***" - Redact instance IDs: convert to "instance-***" - Support recursive redaction for nested objects and arrays Changes: - Add redact.util.ts with redaction functions - Add comprehensive test coverage for redaction - Support for: - Sensitive field detection (privateKey, token, etc.) - User ID redaction (userId, remoteUserId, localUserId, user.id) - Instance ID redaction (instanceId, remoteInstanceId, instance.id) - Nested object and array redaction - Primitive and null/undefined handling Next steps: - Apply redactSensitiveData() to all logger calls in federation services - Use debug level for detailed logs with sensitive data Part of M7.1 Remediation Sprint P1 security fixes. Refs #287 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-03 21:52:08 -06:00
Jason Woltje	38695b3bb8	feat(#286): Add workspace access validation to federation endpoints ... Security improvements: - Apply WorkspaceGuard to all workspace-scoped federation endpoints - Enforce workspace membership verification via Prisma - Prevent cross-workspace access attacks - Add comprehensive test coverage for workspace isolation Changes: - Add WorkspaceGuard to federation connection endpoints: - POST /connections/initiate - POST /connections/:id/accept - POST /connections/:id/reject - POST /connections/:id/disconnect - GET /connections - GET /connections/:id - Add workspace-access.integration.spec.ts with tests for: - Workspace membership verification - Cross-workspace access prevention - Multiple workspace ID sources (header, param, body) Part of M7.1 Remediation Sprint P1 security fixes. Fixes #286 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-03 21:50:13 -06:00
Jason Woltje	01639fff95	feat(#285): Add input sanitization for XSS prevention ... Security improvements: - Create sanitization utility using sanitize-html library - Add @Sanitize() and @SanitizeObject() decorators for DTOs - Apply sanitization to vulnerable fields: - Connection rejection/disconnection reasons - Connection metadata - Identity linking metadata - Command payloads - Remove script tags, event handlers, javascript: URLs - Prevent data exfiltration, CSS-based XSS, SVG-based XSS Changes: - Add sanitize.util.ts with recursive sanitization functions - Add sanitize.decorator.ts for class-transformer integration - Update connection.dto.ts with sanitization decorators - Update identity-linking.dto.ts with sanitization decorators - Update command.dto.ts with sanitization decorators - Add comprehensive test coverage including attack vectors Part of M7.1 Remediation Sprint P1 security fixes. Fixes #285 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-03 21:47:32 -06:00
Jason Woltje	3bba2f1c33	feat(#284): Reduce timestamp validation window to 60s with replay attack prevention ... Security improvements: - Reduce timestamp tolerance from 5 minutes to 60 seconds - Add nonce-based replay attack prevention using Redis - Store signature nonce with 60s TTL matching tolerance window - Reject replayed messages with same signature Changes: - Update SignatureService.TIMESTAMP_TOLERANCE_MS to 60s - Add Redis client injection to SignatureService - Make verifyConnectionRequest async for nonce checking - Create RedisProvider for shared Redis client - Update ConnectionService to await signature verification - Add comprehensive test coverage for replay prevention Part of M7.1 Remediation Sprint P1 security fixes. Fixes #284 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-03 21:43:01 -06:00